Wednesday, March 20, 2013

I have discovered another security flaw in Samsung Android phones. It is possible to completely disable the lock screen and get access to any app - even when the phone is "securely" locked with a pattern, PIN, password, or face detection. Unlike another recently released flaw, this doesn't rely quite so heavily on ultra-precise timing.

Impact

This does not occur on stock Android from Google. This flaw only seems to be present on Samsung's version of Android. I have only tested it on a Galaxy Note II running 4.1.2 - I believe it should work on Samsung Galaxy SIII. It may work on other devices from Samsung.

My test phone was running 4.1.2 with the Touchwiz launcher from Samsung.

Defending Against This Attack

Until Samsung releases a patch, the only way this can be defended against is by completely removing the Samsung firmware and replacing it with a third-party ROM. This ROM for the Galaxy S III claims to have fixed the problem. I'm sure there will be ROMs for other Galaxy devices in due course.

Responsible Disclosure

I reported this flaw to Samsung in late February. They are working on a patch which they assure me will be released shortly. I have delayed public disclosure of this vulnerability. I also asked if they wanted me to delay publication until a patch was ready - however, they declined this offer.

If you discover a security issue with Samsung's mobile products, I strongly encourage you to email m.security AT samsung.com.

They will provide their PGP public key if you wish to ensure your communications with them are secure.

Tuesday, March 19, 2013

Allegedly, the hackers who targeted Krebs did so because he helped to reveal the method by which they have been compromising the accounts of "Microsoft employees who work on the Xbox Live gaming platform," Krebs writes.

The method apparently involves acquiring and then utilizing the employees' social security numbers along with some social engineering to obtain access to those accounts. "Attackers are targeting high-profile Microsoft employees by social engineering other companies."

In a statement given to The Verge, Microsoft confirmed that "a handful of high-profile Xbox LIVE accounts held by current and former Microsoft employees" have in fact been compromised. However, Microsoft denies that it in any way collects or utilizes SSNs in conjunction with Xbox Live accounts.

We are aware that a group of attackers are using several stringed social engineering techniques to compromise the accounts of a handful of high-profile Xbox LIVE accounts held by current and former Microsoft employees.

Microsoft does not collect or use Social Security numbers in its services, including Xbox LIVE Gamertags or Microsoft accounts.

Attackers are targeting high-profile Microsoft employees by social engineering other companies that do use this data to intercept security proofs from Microsoft to compromise the accounts.

For its part, Microsoft is directing Xbox Live users to its standard security recommendations at xbox.com/security. However, for now the strongest line of defense offered there appears to be those self-same "security proofs," at least one of which was compromised thanks to a third party.

Monday, March 18, 2013

I did originally post this on the nvidia forums but they have silently deleted it; obviously they do not like what I have found becoming public.

Firstly I will give a bit of history for those that are unaware. NVidia has for a long time had two ranges of cards, the GeForce for the gaming market and the Quadro for the professional market, and more recently the Tesla range for high-end parallel computing. As I am sure most of you are aware, it is cheaper to manufacture a single chip and cripple it in some way for different product lines than it is to make different silicon for every product.

In the past it has been possible to convert the GeForce cards into Quadro if you could find what they call 'hardware straps' on the board and change them. These straps control the PCI Device ID that the card reports to the computer, and as such, what the drivers will allow the card to do. Recently nVidia changed the way this all works and it has not been possible for quite a few generations of cards until someone on the nVidia forums discovered that the GeForce 4xx something can be turned into its higher end card by changing the hardware strap values by means of an undocumented override in the EEPROM. They were quick to disable this by changing the drivers to look at only the hardware straps for the PCI ID.

I own an NVidia GTX 690 which I bought for two reasons: gaming, and a multi-monitor setup for work. NVidia made it very clear that this card would drive up to 3 screens in 2D, which it does quite nicely ... under Windows! The tight asses have decided that if you want this feature under Linux you have to get a Quadro, which has Mosaic support. So naturally I decided to look at how to mod the card, as the price difference is over $1000 between the GTX 690 and the Quadro K5000 (same GPU) and, get this... the K5000 is only single GPU and clocked some 25-30% slower than the gaming card. What a joke.

What NVidia has done is change the way it handles the straps: instead of just pulling the straps high or low to control the switches as they did previously, they are now read as analogue values. The scheme is as follows:

When pulling high:

5K = 8
10K = 9
15K = A
20K = B
25K = C
30K = D
35K = E
40K = F

When pulling low I expect this to be the same, but for 7 to 0; I did not test this as the device ID I was targeting is >= 8.

There are two tiny SMD resistors on the board, one for each nibble of the PCI Device ID byte. Originally the GTX 690 has a device id of 0x1188, so to become a Quadro K5000 this has to be changed to 0x11BA, which equates to 20K and 15K resistors. If you wanted to change it to a Tesla K10, you would want to change it to 0x118F, which equates to 5K and 40K resistors.
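The strap table above is linear, so it can be written as a formula rather than looked up: for the pull-high range, resistor = (nibble - 7) * 5K, which reproduces 5K = 8 through 40K = F. The following Python helper is an added example, not code from the original post: it splits the low byte of a PCI Device ID into its two nibbles and computes the resistor value for each, and also runs the mapping in reverse from two measured resistors back to a Device ID. Everything it uses is taken from the post: the step size of 5K, the examples 0x11BA -> 20K/15K and 0x118F -> 5K/40K, and the fixed upper byte 0x11 of every ID quoted. Two things are my own extrapolation and are marked as such in the code: treating the table as a formula, and deriving the stock 0x1188 as 5K/5K. Nibbles below 8 are rejected, because the post says the pull-low range was never tested. The broader lesson for anyone gating features on a hardware identifier is visible in the code itself: the "identity" the driver trusts is two resistor values on the board.

```python
# Added example: encode and decode the analogue strap scheme described in the post.
# The pull-high table (5K = 8 ... 40K = F) is linear, so it is treated here as the
# formula R = (nibble - 7) * 5K for nibbles 8..F. This generalisation of the table is
# mine; the post lists the values but does not state the formula.
# Nibbles 0..7 (pull-low) are described in the post as untested, so they are rejected.

STEP_OHMS = 5_000   # one step in the post's table is 5K
MIN_NIBBLE = 0x8    # lowest nibble covered by the pull-high table
MAX_NIBBLE = 0xF    # highest nibble covered by the pull-high table


def nibble_to_resistor(nibble: int) -> int:
    """Map one hex nibble in the tested range 8..F to its pull-high resistor in ohms."""
    if not MIN_NIBBLE <= nibble <= MAX_NIBBLE:
        raise ValueError(f"nibble {nibble:#x} is outside the tested pull-high range 8..F")
    # 8 -> 5K, 9 -> 10K, ..., F -> 40K
    return (nibble - (MIN_NIBBLE - 1)) * STEP_OHMS


def resistor_to_nibble(ohms: int) -> int:
    """Inverse mapping: a resistor value in ohms (5K..40K, 5K steps) back to its nibble."""
    if ohms % STEP_OHMS or not STEP_OHMS <= ohms <= (MAX_NIBBLE - MIN_NIBBLE + 1) * STEP_OHMS:
        raise ValueError(f"{ohms} ohms is not a valid strap value (5K..40K in 5K steps)")
    return ohms // STEP_OHMS + (MIN_NIBBLE - 1)


def strap_resistors(device_id: int) -> tuple[int, int]:
    """Return (high-nibble resistor, low-nibble resistor) in ohms for a PCI Device ID.

    According to the post only the low byte is strap-controlled; the upper byte is ignored.
    """
    low_byte = device_id & 0xFF
    return nibble_to_resistor(low_byte >> 4), nibble_to_resistor(low_byte & 0xF)


def device_id_from_straps(high_ohms: int, low_ohms: int, base: int = 0x1100) -> int:
    """Rebuild a Device ID from two measured strap resistors.

    `base` supplies the upper byte; 0x11 is the upper byte of every ID quoted in the post.
    """
    return base | (resistor_to_nibble(high_ohms) << 4) | resistor_to_nibble(low_ohms)


def fmt_k(ohms: int) -> str:
    """Render ohms in the post's shorthand, e.g. 20000 -> '20K'."""
    return f"{ohms // 1000}K"


if __name__ == "__main__":
    # 0x11BA (Quadro K5000) and 0x118F (Tesla K10) are the post's examples; 0x1188 is the
    # GTX 690's stock ID, and its 5K/5K reading is derived from the table, not measured.
    for dev_id in (0x1188, 0x11BA, 0x118F):
        hi, lo = strap_resistors(dev_id)
        print(f"{dev_id:#06x}: high nibble {fmt_k(hi)}, low nibble {fmt_k(lo)}")
        assert device_id_from_straps(hi, lo) == dev_id  # round trip
```

Running it reproduces the post's two conversions (0x11BA -> 20K and 15K, 0x118F -> 5K and 40K) and round-trips each ID through the inverse mapping; asking for any nibble below 8 raises, which is the honest answer given that the post never measured the pull-low side.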

This will only change the rear GPU on the GTX 690, I am yet to identify the resistors to change for the front one. I would also wager a bet that the new NVidia Titan can be upgraded into the Tesla K20 using the same method.

Anyway, enough with the description, here are the photos of what to change:

And the results:

Edit:

For those that are just spewing trash on HaD comments without doing a little research... the parts are identical, changing the Device ID just makes the binary blob advertise the additional features to the system, and enables them. It does NOT affect the clock speeds, and will not make the card faster for general day to day work unless you are using the specialised software that takes advantage of these 'professional' features. Changing the ID does not affect the clock speeds as they are configured by the BIOS which we are not touching.

And stock, the GTX690 is clocked FASTER than the K5000 and the Tesla K10, so you are getting a faster card in comparison, not making the GTX690 faster.

I repeat, this does NOT make your GTX 6XX card faster, nor does it make it slower.

Wednesday, March 13, 2013

Just to clarify: there is no need for any installed apps on the victim's account. Even if the victim has never allowed any application in his Facebook account, I could still get full permission on his account via the Facebook Messenger app_id (this bug works on any browser).

Also, it's important to mention that there is a special regex protection on the Facebook Messenger app_id (app_id=220764691281998).

I was able to bypass it.

Bug 1:

Reported this bug on 6/03/2013; the Facebook Security Team fixed it immediately.

Also reported more OAuth bugs on 26/02/2013; the Facebook Security Team fixed them very quickly.

Monday, March 11, 2013

Hacking is definitely not as easy as shown in various movies, but there are still thousands of newbies who want to learn hacking for one reason or another and don't know where to start. So, below is a list of some websites to start your journey.

List of various ethical hacking sites

No need to introduce this software. If you have a little bit of experience in hacking then you must have heard about Backtrack. This website provides many hacking tutorials using Backtrack, and has its own training programs, blog and large community. Backtrack is highly popular among security professionals, and many top certifications like CEH use Backtrack for teaching penetration testing. If you are a Backtrack beginner then you must bookmark this website.

Hellbound Hackers is a security training website which covers a large number of security topics like programming, encryption, cracking etc. Hellbound is one of the largest hacking teaching sites out there. Whether you are a beginner or an expert, Hellbound Hackers is a great learning ground for everyone.

Hack This Site is one of the best places to learn ethical hacking. Hack This Site offers you various challenges to test and sharpen your skills. They have a vast selection of ethical hacking articles, a list of various useful tools and one of the best forums for any hacking-related query.

Evilzone is another great forum, where you can learn everything related to hacking. You can find many hacking experts in this forum. EvilZone is one of the biggest security-related forums, having 6898 members and 21538 posts in 3197 topics.

Go4expert is a programming and SEO forum and, as the name suggests, it covers many tutorials based on programming and web development tips. Go4expert is best for newbies who are looking for a great way to start learning ethical hacking.